Logout Page Contents - replace with our Logout page. You can download the page from Console -> Networks -> Captive Portals -> Controller Configuration -> Portal pages contents. This will allow you to collect session information that can be used to disconnect user from our Console or REST API.

Click on the Save button to apply new settings.

Click on Allowed IP addresses Tab and add IP addresses and networks that the user should be allowed to access before authentication. Typically, you will enter the IP addresses from the Walled garden that will include IP address of the External Captive Portal, Google, Facebook, LinkedIn, PayPal, SAML Identity Provider or any other Authentication Provider you select.

Please all IP addresses and hostname from IronWifi console

Click on the Save button to apply new settings.

Optional: PfSense + OpenWrt - PfSense as shared captive provider

Go to Network → Interfaces and select the Lan interface.

Set an IP next to your main router on the field "IPv4 address". (If your main router has IP 192.168.1.1 set 192.168.1.2)

Then scroll down and select the checkbox "Ignore interface: Disable DHCP for this interface." - only if you like to have unlimited amount of clients, otherwise DHCP just assign only in defined radius

In the top menu go to System, then Startup, disable Firewall in the list of startup scripts.

Click the Save and Apply button. Hard-Restart your router if you're not able to connect anymore.

Now connect to the new IP you have just specified(192.168.1.2) and check if the settings for the LAN interface are the same you set before.

Verify that your LAN interface is up and online

Connect to your AP, if you had created and set-up pfSense splash page correctly (have created splash page, added at least one Authentication method, applied settings to pfSense), you should be able to login via captive splash page now if you try to access any website.

PC asks for internet from AP, AP forwards it into pfSense, pfSense asks IronWifi if is valid or not, if not pfSense send captive page to PC, PC now must confirm that is valid via captive page, next time process ends in valid without need of captive page check.